Welcome to Planet openSUSE

This is a feed aggregator that collects what openSUSE contributors are writing in their respective blogs.

To have your blog added to this aggregator, please read the instructions.

06 December, 2016


sks-keyserver logo Does it happen to you, too, that there are moments where you ask yourself why others want something from you that is there already since a while? Exactly this happened with https://keyserver.opensuse.org/: the original machine was set up a long time ago to make it easier for people attending the openSUSE GPG key-signing parties, but it looks like nobody officially announced this “new service” for our users…

…and so here we are:  the openSUSE Heroes team is pleased to announce that keyserver.opensuse.org is up and running as public GPG keyserver. We are of course also part of the official keyserver pool, which means that some people might already noticed us, as they got redirected to our server with their requests. (And for those who are interested to setup their own SKS keyserver: we have also written a nice monitoring plugin that helps you keeping an eye on the pool status of your machine and the ones of your peers.)

The server may be accessed either via it’s Web interface (please ping the Heroes if you want to improve it) or via the openPGP HTTP keyserver protocol (HKP), which is normally used by GPG clients.
Try it out by calling something like:

gpg --keyserver keyserver.opensuse.org --search-keys 0xF62B7584

on the command line, or enhance your personal GPG configuration file ~/.gnupg/gpg.conf with:

keyserver hkp://keyserver.opensuse.org

and work as before with your new, preferred GPG keyserver as standard. What more can we say, except “have fun en-/de-crypting your data!”

05 December, 2016


Release also includes support for ARMv7


The latest release from openSUSE has new images available for the Raspberry Pi and joins SUSE Linux Enterprise Server for Raspberry Pi in becoming the initial distributions with 64-bit for the Raspberry Pi 3.

The 64-bit image of openSUSE Leap 42.2 for the Raspberry Pi 3 has been out for a couple weeks.

“The ARM and AArch64 Images for openSUSE Leap 42.2 are not a once-only release,” said Dirk Mueller. “They get continuously updated and include fixes as the Leap 42.2 port matures over time. These are the first usable images, and more variants with more fixes will come over time.”

The openSUSE Leap 42.2 images for the Raspberry Pi 3 are regularly rebuilt and constantly improve functionality.

Mueller said having the stable code base of Leap images, which provides fewer updates than the Tumbleweed Raspberry Pi 3 images, give people more stability and expands user opportunities for those who are wanting to use the Raspberry Pi 3 for home automation, mail services or as a small-, low-power server.

“Overall, the most exciting thing about having Leap on the Raspberry Pi 3 is that this is a fully working upstream-based image with full 64-bit support, which is something that even the Raspberry Pi Foundation doesn’t have,” said Alexander Graf.

An upstream image means support that lands in the Linux Kernel via downstream contributors. The openSUSE Leap 42.2 kernel shares the same codebase with other architectures and is not based on the Raspberry Pi foundation maintained kernel tree, which means that some not-yet-supported upstream features like HDMI-audio and hardware-accelerated-video decoding are not available yet in the image.

“You can run the same code on your small devices and your really big devices,” Graf said.

This really makes development quite interesting with using the distribution on inexpensive and expensive devices, Graf said.

“The main reason it is interesting is because of the ability to work with both a new and old ecosystems,” he said. “People who are interested can work on the newest and latest next generation stuff or the stuff that has been there for 10 years.”

Graf does make it clear that these is still a lot to be done even after the 64-bit support arrived with the new images.

“There are things that don’t work because we are upstream based,” he said. “These things take time. The easy, low hanging fruit is cracked. Some is still missing like the power management upstream, but overall we are in a good state.”

Among things that make the openSUSE Raspberry Pi 3 images different, Graf said, is that it is the first distro that has working Kernel-based Virtual Machine (KVM) support.

The other thing is that it can work with newer or older Linux Kernels. Just like on other systems, all that is needed is to use libvirt for configuration.

“You can still update kernels and select an older kernel if the newer kernel doesn’t work,” Graf said

03 December, 2016


After a long, but exciting first day, we even managed to get some sleep before we started again and discussed the whole morning about our policies and other stuff that is now updated in the openSUSE wiki. After that, we went out for a nice lunch…

openSUSE Heroes out for lunch.

openSUSE Heroes out for lunch.

…before we started the discussion about some other topics on our list.


  • we got an agreement how we manage our “own” packages (that you can find now in the openSUSE:Infrastructure project in the openSUSE Build Service) and JeOS images.
  • Lars gave a short update about the current sponsoring status and possibilities
  • After a freeIPA presentation from Darix and a general Cloud introduction from Christian, we started a long and interesting discussion about our services, their “distribution” between Nuremberg and Provo and how to get them connected and administrated.
  • A lot of stuff around “securing our infrastructure” was not officially on the plate, but if you listened between the lines, you noticed that our admins have a secure environment always in mind – even if the topics is officially around bare metal machine administration, Salt or authentication (just to name some examples).
    Tampakrap painting on our whiteboard

    Tampakrap painting on our whiteboard

    We ended up in a short discussion about “how do we monitor all that stuff” – and if we might use Salt also for intrusion detection. Even if we finally end up on the Nuremberg Christmas Market this evening: be sure that we will continue the discussions about “Crowbar”, “SDN”, “Thruk”, “GitLab”, …. (at least until we got enough hot spiced wine ;-)

02 December, 2016


Some of the openSUSE Heroes decided during the last openSUSE Conference that it’s time for more face to face meetings to “get things done” and “work together”…

Picture from the meeting with some openSUSE Heroes discussing

Picture from the meeting with some openSUSE Heroes discussing

So starting today, some openSUSE Heroes started to spend the first December weekend in the SUSE Headquarter in Nuremberg. And they really have a lot to do, as you might imagine! That might be the reason why some of them started at 02:00 in the night to arrive at 07:00 in Nuremberg…

Starting with a personal introduction round (were they found out that we assimilated some Gentoo and Fedora admins ;-)  the next steps are

  • a quick server room tour (“get your fingers dirty and touch your machines”)
  • discuss about the next steps for the openSUSE Cloud in Provo

    Pencil painting of the SUSE Cloud network structure

    Quick draw of the SUSE Cloud setup for openSUSE.

  • discuss about handling content in the openSUSE Wiki
  • got a SaltStack training (thanks to tampakrap for the nice  training!) – we already started to update our internal Admin wiki at https://progress.opensuse.org/ with the cool stuff we learned
  • start ticket wrangling and discussion about “how to handle the trillions of issues reported to admin@opensuse.org – and how to go forward
  • while we were talking about the tickets, we moved over to the documentation part and started to work on the Wiki pages

A first – very rogue copy – of our internal minutes can be found on our mailing list.


Dear Tumbleweed users and hackers,

After releasing daily snapshots without interruption for 17 days, Tumbleweed did slow down a bit during the last week. As already mentioned in my last review, 1124 had been canceled due to an issue with sddm installing strange branding configurations. And later on, we ‘broke’ our own staging setup and needed to bootstrap a few of them, making the throughput much lower than you were used to. So, we ended up with 3 snapshots since my last review: 1125, 1128 and 1129.

The snapshots contained these interesting updates:

  • KDE Plasma 5.8.4
  • A couple X.org driver updates, in preparation for X 1.19
  • SDDM 0.14.0
  • LightDM 1.21.1

So, even if we got less snapshots, we just make them bigger – to ensure you get your frequent dose of updates.

And those things are in the pipeline:

  • X.Org 1.19 – pending on virtualbox fix
  • All the nice things the YaST Team promised
  • Hunspell 1.5 – waiting for KDE Frameworks 5.29

Note that the next snapshots might again be a bit slower due to the OBS scheduler reconfiguration that was announced by Adrian.


November is over, Santa Claus elves start to stress and the YaST team brings you one of the last reports of 2016. Let’s see what’s new in YaSTland.

Harder to ignore installation warning

The “installation settings” summary screen usually reports some non-critical errors displayed as a red text. Although the installation can proceed despite those errors, they are usually serious enough to lead to problems. That’s why we decided to introduce a change to highlight them a little bit more, making them harder to overlook.

The following screenshot shows the newly introduced confirmation dialog, presented before proceeding with installation.

Preventing users to shoot their feet

Make DHCLIENT_SET_HOSTNAME configurable on a per-interface basis

But that’s not the only usability-oriented enhancement on this sprint. We also reworked a bit the network configuration dialog.

For home users is very common to use a fixed hostname -set during installation- for our beloved linux box. But in some circumstances it’s better to set the hostname of the machine dynamically using DHCP, something YaST has always allowed to do by just ticking a checkbox that used to be in the network configuration screen. See “Change Hostname via DHCP” below.

The old network settings screen

That checkbox used to modify the system-wide variable DHCLIENT_SET_HOSTNAME, which was fine in scenarios in which only one of the network interfaces was configured via DHCP. But with several network interfaces connected to different DHCP-enabled networks, some problems arose.

During installation, if network configuration is used, Linuxrc creates the ifcfg files with DHCLIENT_SET_HOSTNAME='yes' for all of the enabled or configured interfaces and this value has precedence over the global one.

So the main problem was that YaST only allowed us to modify the global variable and setting it to ‘no’ did nothing because it was enabled for some interface.

During this sprint we have fixed that and now the user interface offers the possibility of choosing which DHCP interface will be used to decide the hostname.

The new network settings screen

Apart from choosing one of the existing interfaces, the new setting can also be set to ‘no’ or to ‘any’. In any case, YaST will always configure the system-wide options and the interface specific ones in a consistent way, so the behavior is always predictable.

But YaST is not the only way of configuring the network, so it’s always possible to have an unpredictable configuration. Fortunately, those potentially problematic scenarios will be detected by YaST and reported to the user.

Detecting dangerous scenarios in network settings

Partitioning in CASP

In the previous report we already explained how are we improving the installer to support the definition of the ultra-streamlined installation process of SUSE CASP, the new Kubernetes based member of the SUSE family.

In this sprint we introduced several additional changes to enable a different partitioning approach, more guided and automatic than ever. In a CASP node it makes no sense to use the advanced settings offered by our storage proposal, like encryption or LVM. Moreover, CASP relies on Btrfs to provide some of its cool and advanced features, like transactional updates.

As a result, although

01 December, 2016


dotsgeeko1November brought openSUSE Tumbleweed users an early holiday gift with 24 snapshots of new software and four updated Linux Kernels.

The continuous snapshot streak of Tumbleweed updates ended with snapshot 20161123, which brought Kernel 4.8.10.

More updates were in the 20161123 snapshot such as updates of yast2-storage to version 3.2.1 and Yast2-bootloader to version 3.2.10.

The streak-breaking snapshot, 20161125, brought several goodies like GTK 3.22.4, which saw Wayland patch dropped due to a fix upstream, and an update to KDE’s Plasma 5.8.4, which included several small but important bug fixes.

Oracle’s Virtualbox updated to 5.1.10 in the 20161125 snapshot and provided fixes for various issues to improve the graphical user interface. ImageMagick’s updates to version provided a fix to improve data compression decoding. Web browser Epiphany added the missing F1 keyboard shortcut to open help with an update in Tumbleweed to version 3.22.3.

Updates found in the repositories with the 20161128 snapshot added some upstream patches for Bash and Wine updated winetricks in version 1.9.24.

Snapshot 20161122 updated Mozilla Thunderbird to 45.5 and advanced text editor Vim to 8.0.92.

30 November, 2016


On November 16th there was the release of openSUSE Leap 42.2. On November 24th, I had the opportunity to present openSUSE Project at school.

I was asked to make an introduction to FLOSS in general and more specific about openSUSE Project. The school was for middle aged people, for persons who quited school to work and conftibute financially to their families. There were 3 classes that they taught something computer related. It was a great opportunity for them to learn what FLOSS is and what makes openSUSE great Linux distro.

I busted the myth that "Linux is hard because you have to be a hacker, it's terminal operated" I showed them how to install openSUSE Leap step by step (pictures) and also how to use GNOME (pictures). I mentioned our tools to make a very stable distro and finally I showed them that it's not only a distro but there are people (the communtity) that take care of the software.

There were plenty of questions about linux software alternatives, how to install, if they can replace Ubuntu/Windows with openSUSE and what is perfect suit for specific systems. Each student took a DVD with stikers and a card with Greek community information. Professors will organize an install fest for their lab and/or laptops of their students.

I would like to thank Douglas DeMaio for managing to send me DVDs and stickers and Alexandros Mouhtsis that managed with his professors to organize this presentation. Finally, I would like to thank Dimitrios Katsikas for taking pictures.

There's same post at lizards.

28 November, 2016


You might wonder why there is so high number of phpMyAdmin security announcements this year. This situations has two main reasons and I will comment a bit on those.

First of all we've got quite a lot of attention of people doing security reviews this year. It has all started with Mozilla SOS Fund funded audit. It has discovered few minor issues which were fixed in the 4.6.2 release. However this was really just the beginning of the story and the announcement has attracted quite some attention to us. In upcoming weeks the security@phpmyadmin.net mailbox was full of reports and we really struggled to handle such amount. Handling that amount actually lead to creating more formalized approach to handling them as we clearly were no longer able to deal with them based on email only. Anyway most work here was done by Emanuel Bronshtein, who is really looking at every piece of our code and giving useful tips to harden our code base and infrastructure.

Second thing which got changed is that we release security announcements for security hardening even when there might not be any practical attack possible. Typical example here might be PMASA-2016-61, where using hash_equals is definitely safer, but even if the timing attack would be doable here, the practical result of figuring out admin configured allow/deny rules is usually not critical. Many of the issues also cover quite rare setups (or server misconfigurations, which we've silently fixed in past) like PMASA-2016-54 being possibly caused by server executing shell scripts shipped together with phpMyAdmin.

Overall phpMyAdmin indeed got safer this year. I don't think that there was any bug that would be really critical, on the other side we've made quite a lot of hardenings and we use current best practices when dealing with sensitive data. On the other side, I'm pretty sure our code was not in worse shape than any similarly sized projects with 18 years of history, we just become more visible thanks to security audit and people looked deeper into our code base.

Besides security announcements this all lead to generic hardening of our code and infrastructure, what might be not that visible, but are important as well:

  • All our websites are server by https only
  • All our releases are PGP signed
  • We actively encourage users to verify the downloaded files
  • All new Git tags are PGP signed as well

Filed under: Debian English phpMyAdmin SUSE | 0 comments

Michael Meeks: 2016-11-28 Monday.

16:55 UTCmember

  • Up lateish, practices with babes; mail chew. Team calls variously, chat with Georg. Reviewed some online QA pieces.

27 November, 2016

Michael Meeks: 2016-11-27 Sunday.

21:00 UTCmember

  • NCC in the morning, back for lunch with Peter, Dianne & Lydia, lovely to see them. Took N. and E. to a pre-exam concert in the afternoon, followed by much slugging; feeling increasingly unwell unfortunately.

On the Nextcloud blog I just published about the beta for Nextcloud 11. The release will deliver many improvements and is worth checking out in itself, plus I put a nice clickbait-style title and gave three reasons to test it.

But I actually have some more reasons to test. You see, Nextcloud is one of the tools we need to keep our democracy working. As Frank notes on his home page:
"Privacy is the foundation of democracy"
And he is completely right. So, here are three different reasons why you should test (and help improve) Nextcloud:

1. The USA is making a massive swing towards even more spying

Obama has done nothing to curb the growth of the NSA and the scope of its operations. Secret laws spiked under his watch. Many of the folks about to be put in power by President-elect Trump favor more spying, including on US citizens, expansion of the NSA, a crackdown on whistleblowers and more. Trump's pick for CIA director calls for Snowden's execution. For what I can only guess must be giving proof of illegal government spying to dangerous terrorists like the Washington Post and the Guardian, who proceeded to win a Pulitzer prize by disclosing this information irresponsibly to the US public.

In general, as somebody who changes his stance on hugely important and complicated issues like torture in under an hour, it is impossible to predict what Trump will do with the most powerful spying agency in the world under his control, but his appreciation for dictatorial figures like Kim Jong Il and Putin gives plenty cause for concern.

2. Britain isn't doing much better

I wrote about the Snoopers' charter just some days ago - this piece of legislation goes further than any earlier piece of spying law. It allows not only passive spying but also actively hacking devices from citizens.

3. Nor is Europe

The UK is not alone. Since Snowden, Europe has complained a bit about the NSA but seems to simply follow suit, rather than doing anything about it. Germany is even introducing a bill that will allow spying on foreign journalists.

Help out!

So, how can you help? Well, test Nextcloud 11 Beta, obviously. Help others to use it, get them involved. But it goes beyond Nextcloud - promote the use of and help improve tools like Tor, Signal and others, or democracy is screwed.

Edit: updated the blog 


Admit it: how many times you have seen “software from this branch is completely untested, use it at your own risk” when you checked the latest code from any FOSS project? I bet you have, many times. For any reasonably modern project, this is not entirely true: Continuous Integration and automated testing are a huge help in ensuring that the code builds and at least does what it is supposed to do. KDE is no exception to this, thanks to build.kde.org and a growing number of unit tests.

Is it enough?

This however does not count functional testing, i.e. checking whether the software actually does what it should. You wouldn’t want KMail to send kitten pictures as a reply to a meeting invitation from your boss, for example, or you might want to test that your office suite starts and is able to actually save documents without crashing. This is something you can’t test with traditional unit testing frameworks.

Why does this matter to KDE? Nowadays, the dream of always summer in trunk as proposed 8 years ago is getting closer, and there are several ways to run KDE software directly from git. However, except for the above strategy, there is no additional testing done.

Or, should I rather say, there wasn’t.

Our savior, openQA

Those who use openSUSE Tumbleweed know that even if it is technically a “rolling release” distribution, it is extensively tested. That is made possible by openQA, which runs a full series of automated functional tests, from installation to actual use of the desktops shipped by the distribution. The recently released openSUSE Leap has also benefited from this testing during the development phase.

“But, Luca,” you would say, “we already know about all this stuff.”

Indeed, this is not news. But the big news is that, thanks mainly to the efforts of Fabian Vogt and Oliver Kurz, now openQA is testing also KDE software from git! This works by feeding the Argon (Leap based) and Krypton (Tumbleweed based) live media, which are roughly built daily, to openQA, and running a series of specific tests.

You can see here an example for Argon and an example for Krypton (note: some links may become dead as tests are cleaned up, and will be adjusted accordingly). openQA tests both the distro-level stuff (the console test) and KDE specific operations (the X11 test). In the latter case, it tests the ability to launch a terminal, running a number of programs (Kate, Kontact, and a few others) and does some very basic tests with Plasma as well.

Is it enough to test the full experience of KDE software? No, but this is a good solid foundation for more automated testing to spot functional regressions: during the openSUSE Leap 42.2 development cycle, openQA found several upstream issues in Plasma which were then communicated to the developers and promptly fixed.

Is this enough for everything?

Of course not. Automated testing only gets so much, so this

26 November, 2016

Michael Meeks: 2016-11-26 Saturday.

21:00 UTCmember

  • Out to a prepare-the church Swaffham Bulbeck Church Arts Fair with the babes, who played their quartet, painted faces, and much more. Lunch with Martin, back in the afternoon.
  • Spent a bit of time digging at the top crash report - and armoured VCL against exceptions during frame construction. Discovered that (amazingly) Windows 64 has a limit of 10,000 GDI handles which bites us (admittedly in a somewhat silly code-path), amazing.
  • H. out for a sleepover, read to all the babes.

25 November, 2016

Michael Meeks: 2016-11-25 Friday.

21:00 UTCmember

  • Up rather early; Men's prayer meeting at Church in the morning; back - read mail, to work.
  • Spent some time puzzling over my nice cleanup of the (broken) comphelper threadpool - which in turn was crippled by the horrible MS inspired osl::Condition API, which ... anyhow - now it is all clean and use std::mutex and std::condition_variable instead - except - that works beautifully on all platforms except windows. Dug into it - and found this horror: punch line, you can only use a std::mutex in a static de-initializer if you compile with Visual Studio 2015+ and run on anything later than WinXP: nice. Encouragingly the boost guys appear quite able to make it work.


Dear Tumbleweed users and hackers,

It seems unbelievable, but we did it again: a week with a new snapshot every single day. This review will cover the 7 snapshots {1117..1123}. Unfortunately, That’s the end of the streak, as we had to cancel 1124 already due to sddm doing something strange with the login screen. But we’re confident that the currently building snapshot will be fine again and will reach you tomorrow.

What did the 7 snapshots bring to the openSUSE Tumbleweed userbase:

  • Mesa 13.0.1 – minor update from 13.0.0
  • Mozilla Firefox 50.0
  • KDE Frameworks 5.28.0
  • 3 Kernel updates (4.8.8, 4.8.9 and 4.8.10)
  • cmake 3.7.0
  • systemd package closing the gap to SLE, preparing for more intrusive updates

And there are some things piling up to be delivered to you:

  • X.Org 1.19.0 – some driver updates are ready, some still need adjustments
  • sddm 0.14.0 – second attempt

That’s just the noteworthy things that are already in the queue to Tumbleweed; but I’m sure the various developer teams are preparing many more things in their dev spaces.

24 November, 2016

Michael Meeks: 2016-11-24 Thursday.

21:00 UTCmember

  • Mail chew; call - dis-assembled my Galaxy S4 while in a call and swapped its main-board with mine; been suffering problems where the battery says it is 100% charged - but it dies and goes into a constant re-boot loop; replaced the USB charging port, so assumed it was the PM chip. Amused after re-assembly to find that it crashed and loop-bootedduring installation despite having a full battery: it must be the battery I guess; ho hum - annoying - potentially having it on charge constantly is an issue - the joy of sedentary work from home-ness I guess.
  • Plugged at comphelper a bit more; call with Andras, a longish ESC call - posted minutes. Plugged away at renaming 'online's code into a more helpful and familiar structure.


libelektra is a configuration library and tools set. It provides very many capabilities. Here I’d like to show how to observe data model changes from key/value manipulations outside of the actual application inside a user desktop. libelektra broadcasts changes as D-Bus messages. The Oyranos projects will use this method to sync the settings views of GUI’s, like qcmsevents, Synnefo and KDE’s KolorManager with libOyranos and it’s CLI tools in the next release.

Here a small example for connecting the org.libelektra interface over the QDBusConnection class with a class callback function:

Declare a callback function in your Qt class header:

public slots:
 void configChanged( QString msg );

Add the QtDBus API in your sources:

#include <QtDBus/QtDBus>

Wire the org.libelektra intereface to your callback in e.g. your Qt classes constructor:

if( QDBusConnection::sessionBus().connect( QString(), "/org/libelektra/configuration", "org.libelektra", QString(),
 this, SLOT( configChanged( QString ) )) )
 fprintf(stderr, "=================== Done connect\n" );

In your callback arrive the org.libelektra signals:

void Synnefo::configChanged( QString msg )
 fprintf( stdout, "config changed: %s\n", msg.toLocal8Bit().data() );

As the number of messages are not always known, it is useful to take the first message as a ping and update with a small timeout. Here a more practical code elaboration example:

// init a gate keeper in the class constructor:
acceptDBusUpdate = true;

void Synnefo::configChanged( QString msg )
  // allow the first message to ping
  if(acceptDBusUpdate == false) return;
  // block more messages
  acceptDBusUpdate = false;

  // update the view slightly later and avoid trouble
  QTimer::singleShot(250, this, SLOT( update() ));

void Synnefo::update()
  // clear the Oyranos settings cache (Oyranos CMS specific)
  oyGetPersistentStrings( NULL );

  // the data model reading from libelektra and GUI update
  // code ...

  // open the door for more messages to come
  acceptDBusUpdate = true;

The above code works for both Qt4 and Qt5.

23 November, 2016

Michael Meeks: 2016-11-23 Wednesday.

21:00 UTCmember

  • Mail, admin, planning; signed E-paperwork. Lunch with J. New phone for spare parts arrived; good. Bit of hacking in the evening - converted comphelper's not terribly reliable threadpool to use std::conditions - anything to avoid the horrific Win32 condition situation.


As promised in previous posts, we want to share with you our experience and views from this year annual Ruby conference Euruko. Maybe “our” is too much to say, since we only sent one developer there. So to be precise, these are Josef Reidinger’s experience and views on the conference.

This year Euruko took place in Sofia, capital of Bulgaria. It turned out to be a great conference place. Public transport works very well, everyone speak English and even when it uses Cyrilic alphabet, almost everything is written also in Latin one.

That being said, let’s talk about the conference content. Fortunately all the presentations were recorded so you can watch them yourself. But since it would be quite some hours of video to go through, we have reviewed some presentations for you including access to the corresponding videos.


Let’s start with the three presentation Josef specially recommend to watch.

Keynote by Matz

He speaks about how Ruby 3 will probably look in distant future. With “distant future” meaning “for sure not in next two years”. If you cannot wait, it’s worth mentioning that Ruby 2.4 will be released on December.

Ruby 3 will use guild membership concurrency model. The most interesting part of the talk is digging into rationale of typed versus non-typed languages and what can be the Ruby future in that regard.

Rules, Laws and Gently Guidelines by Andrew Radev

Interesting view about common design principles, common mistakes when applying them and looking to them from different angles. Also explaining how to handle situations in which several design principles seem to contradict each other.

Elixir by Jose Valim

Interesting intro to Elixir language. What it is, why it make sense to use it and what are its benefits. Josef’s impression was that Elixir’s idea is similar to isolated micro-services communicating via messages, with nice introspection and scalability.

But we have more team members with something to say about Elixir. Like Imobach, who has been playing with Elixir (and Phoenix) for some time now. And Imobach really likes Elixir, so he would like to add some more bits of information for those who are interested.

For example, he would like to highlight that Elixir uses BEAM, the Erlang virtual machine, so great support for concurrency is backed in the platform. Concurrency sits on the concept of Erlang processes and it’s pretty common to use them for all kind of tasks (from computation to storing state, etc.). Imobach would like to encourage all developers out there to take a look to OTP (Open Telecom Platform). Who needs micro-services at all?

Last but not least, take into account that Elixir is a functional language, so if you have an object-oriented mindset (like most Ruby developers) it will take some time to wrap your head around it.

Other presentations

Little Snippets by Xavier Noria

Summary of common inefficiency in small snippets. Small things that matter, although most of them should be already


News of Linux releases are getting most of the headlines during November while snapshots of openSUSE Tumbleweed have subtly been flying under the radar.

Other than Nov. 3 and Nov. 6, openSUSE Tumbleweed had updated software snapshots released every day this month.

The last update on news.opensuse.org included snapshot 20161108 and the 13 snapshots that have followed that have included hundreds of new packages.

The streak will continue past the most recent snapshot that is list 20161121. Snapshot  20161121 updated the Linux kernel to version 4.8.9. The snapshot also includes an update in the repositories for CMake 3.7.0, which adds several new modules and commands.

The snapshot the day before, 20161120, updated perl-DBD-SQLite, perl-XML-XPath and perl-Log-Log4perl. Internet Relay Client Polari was updated to version 3.22.2 and fixed a glitch when opening a user list. Snapshot 20161119 updated autoyast2 to version 3.2.3 and yast2 to version 3.2.4.

WireShark was updated to version 2.2.2 in the 20161118 snapshot and provides updated protocol support for networks including OpenFlow and ZigBee. Libvirt also received several new subpackages in the snapshot.

The largest snapshot in the Tumbleweed streak was 20161117. Snapshot 20161117 provided a major update to Mozilla Firefox 50.0, a minor update to Mesa with 13.0.1, and KDE Frameworks  5.28.0 brought numerous KWayland improvements.

KDE Applications was updated to 16.08.3, which only contained bugfixes and translation updates, in the 20161113 and 20161112 snapshots. Snapshot 20161112 provided an update to VirtualBox 5.1.8_k4.8.6_2 and both 20161112 and 20161110 delivered updates to GNOME 3.22.2.

For information about the other Tumbleweed snapshots not covered in this review can be viewed on the openSUSE Factory Mailing List.

22 November, 2016

Michael Meeks: 2016-11-22 Tuesday.

21:00 UTCmember

  • Mail chew, commercial call, built ESC stats, reviewed text. Chat with Philippe, out for a run with N. back to more work later.

Calvin Gaisford: Pigs Fly

18:36 UTC


I was chatting today with Boyd and he discovered he hasn't blogged anything since January 1, 2009.  The shocking part came when we realized that was four years ago.  While it hasn't been that long for me, I've been pretty inconsistent and most of my recent entries have been about biking.  Since I can't bike right now (27˚F) I thought I'd write about some technology.

A little more than a month ago I began work on Todo Pro for Android.  I have a very limited working version that I can use and syncs with the Todo Pro service.  BTW, the answer is no you can't have it yet, only I know how to tip-toe through it so it doesn't have problems.  

Galaxy Note 2
Just before Christmas I decided I needed to really experience life with an Android phone so I went shopping.  I was limited to the Verizon models available and spent half a day researching and going to the Verizon store to play with the devices.  The first device I was shown was the Samsung Galaxy Note 2.  I stick with my first observation in that this device is not a phone.  It is a very small tablet that works to make phone calls and is only good for Women who can place it in their purse.  As if calling something this large a phone isn't enough entertainment, it comes with a stylus!  

For the benefit the younger and less experienced reader, a stylus is a stick that looks like a pencil that you use for input on a device.  It's sort of how you use your finger on your iPhone, but think Soviet Military from the 80's.  Steve Jobs was right.  My top desk drawer tends to collect items at the back of it that were useful in their day but have now been replaced.  Under a collection of foreign money not worth the time or effort to exchange and an old wallet I never used is my old worn out collection of styli from devices years ago.

Back of my desk drawer
Lost Styli Revealed

The thought of going back to a stylus is frightening, but the sales guy at the Verizon store assured me the Galaxy Note 2 was the most advanced phone made.

Samsung Galaxy S III
I spent a lot of time looking at the various Android phones available and even called up Android users I knew and asked their advice.  The Galaxy S III seemed like a logical choice.  It's Verizon's most popular phone from what I could tell and it had the best Calendar App (an exclusive app to Samsung) of all of the devices.  I use my calendar a lot!  It also had great specs and I was fairly confident it would get the next few Android updates which would prolong it's usefulness to Appigo.  I bought the phone and had them connect it to

pic from the ZDNet article
The United Kingdom this week passed the so called Snoopers Charter, a law which forces UK internet providers to store the browsing history of UK citizens for a full year. You, your family, visitors or any devices in your household which have been hacked (the government is now allowed to do that, by the way) better not visit anything bad as the government can get their hands on this data quite easily. What does this mean and what can you do?

An attack on privacy

There is a global siege on privacy. Governments all over the world have introduced legislation (sometimes secret) which forces email, internet or data storage providers to track what you do and make that data available to their governments. This, of course, also means third parties who gain access to the storage systems can see and abuse it. And because so many of us have put so much of our data at just a few providers, we're at great risk as events like last week's shutdown of hundreds of Google accounts did show.

While Google, Dropbox and others lure customers in with 'free' data storage and great online services, governments benefit from centralized data storages as it makes it easy for them to hack in or demand data from these companies.

Why this surveillance?

While governments usually claim they need access to this data to find terrorists or child pornography, experts point out that it will not be helpful at all. As multiple experts (even internally) put it, growing the haystack makes it harder to find the needle. Intelligence agencies are swamped with data and nearly every terrorist attack in western states over the last decade took place despite the agencies having all information they would have needed to prevent it. The Paris attackers, for example, coordinated their attack using plain SMS messages. The Guardian thus rightly points out that:
"Paris is being used to justify agendas that had nothing to do with the attack"
which has become a familiar refrain after nearly every terrorist attack.

Indeed, we all know the argument But you have nothing to hide, do you? and indeed, we probably don't. But some people do, so they'll try to avoid being seen. That being illegal won't change their behavior...

And as Phill Zimmermann, the inventor of the PGP encryption pointed out:
"When privacy is outlawed, only outlaws will have privacy"

So not terrorists. Then what?

Experts agree that the vast majority of these surveillance and anti-privacy laws have little or no effect on real criminals. The crime syndicates, corrupt politicians and large corporations evading taxes and anti-trust/health/environmental laws, they DO have something to hide, and thus they would use encryption or avoid surveilled communication methods even if it were outlawed.

However, ordinary citizens, including grass-roots local activists, charitable organizations, journalists and others, who DO have nothing to hide, would be surveilled closely. And with that information, the real criminals mentioned


It’s official; the Warrior Tablet made by MJ Technology and powered by openSUSE is ready for the world; now it just needs funding through an Indiegogo crowdfunding campaign.

Avid Linux users can reap the benefits of four 10.1” Linux tablets offered by MJ Techology. The specifications of the four tablets vary in power and cost, but all come with the power of Linux and openSUSE at the core.

“MJ Technology, a leader in affordable cutting edge tech, is pleased to introduce the MJ Technology Warrior series tablets powered by openSUSE,” said Mark Jun, CEO for MJ Technology.

The preinstalled image on the Warrior Tablet Series is GNOME on openSUSE Leap, but users are welcome to change/reinstall/use Tumbleweed/etc. Any hardware support will be upstream via the Open Build Service and will not impede different usage patterns, so there is no lock-in, which gives the user choice.

The tablets offer dual boot for Windows 10 or use openSUSE Leap as a sole operating system for personal use. System administrators needing to manage multiple servers remotely can fulfill needs with the World’s First actual Made-for-Linux x86/x64 Tablet.

“We are excited about the implications this tablet has for openSUSE and the greater Free and Open Source Software communities,” said Richard Brown, chairman of the openSUSE Board. “openSUSE has always been an advocate for inclusion and this tablet offers an approach to have a Made-for-Linux x86/x64 Tablet running other popular Linux distributions.”

The four Warrior series tablets offer either the Intel® Atom™ x7-Z8750 or x5-Z8350 processor and users have the benefit with openSUSE to choose what desktop environment they want.

MJ Technology, through its crowdfunding campaign, seeks to raise $100,000.00 for the factory start-up and initial tooling costs to help bring the tablet design to the world market. Eight developers and engineers with a combined 50 years in mobile technology fields made the devices work seamlessly and are planning to improve aspects of the design going forward as well and bring other distributions to the tablet; openSUSE’s distribution is just the beginning. Once the openSUSE powered tablet is successfully funded, expansion to include other distributions as well as improving features and functionality will begin.


Mentors for this year’s Google Summer of Code blog about their experience being a mentor, the Mentor Summit at Google and the collaborative effort start an openSUSE mentoring page, 101.opensuse.org. View the blow here or read it below.

It is getting colder in Germany, so it’s a time to recap Google Summer of Code 2016. This year we had six great students and in August Google announced that all of our students successfully finished their projects. What great news!

All good things come to an end

This year was especially exciting as we did not make it into GSoC in 2015 and therefore all of our mentors and students worked particularly hard to prepare and realize this year’s edition.

Hernán Schmidt, a first time GSoC mentor, told us about “the great experience to guide a young developer and see him grow”. His student, Rishabh Saxena, who worked on the Open Source Event Manager (OSEM) writes in his final blog article that he learned test driven development and web security. He is now even participating in this year’s Mozilla Winter of Security!

Ana Maria Martinez Gomez, who also worked on OSEM, reports about the great experience of working in an Open Source community and attending the openSUSE Conference in Nuremberg.

Seeing his project evolve and learning about continued integration tools like Travis was what Joaquín Yeray Martín de la Nuez values the most.

Matheus Fernandes really liked that GSoC is not only about coding, but also about meeting people and making friends.

However, Shalom Ray describes that he also went through not so great and wonderful times while he developed to a better developer this summer.

If you are interested in JavaScript and Jangouts, an open source Google Hangouts alternative, you should check out Martin Garcia’s blog.

Mentor Summit

SFO Every year, Google invites two mentors from every organization to the Mentor Summit at the Google Campus in California. This year, Hernán and Christian attended for openSUSE and Stella and Jan-Frederik for FOSDEM. It was an amazing experience being in Silicon Valley and collaborating with FOSS contributors from all around the world to make GSoC better and more successful. The Mentor Summit is organized as an unconference, which means that the content is arranged by the attendees. We especially collaborated in two sessions about our conference tool OSEM and the openSUSE 101 mentoring page.

Chocolate table

To recover from all the amazing talks and conversations, the attendees organized a chocolate table with different chocolates from all over the world. Besides attending the conference, we also had some time for sightseeing, so we visited the Computer History Museum in Mountain View and the Twin Peaks in San Francisco.

Wrapping up for next year

Meanwhile, Google already announced Google Summer of Code 2017. For open source organizations the application period starts on January 19, and for interested students on March 20. If you are interested in participating as student, mentor or administrator, get in touch

21 November, 2016

Michael Meeks: 2016-11-21 Monday.

21:00 UTCmember

  • Practice with babes in the morning; team meetings, admin, E-mail, and such like all day.


Back in January of 2013 I wrote about wakeup alarms and compared the difference between Android and iOS.  That was back on an iPhone 5 and a Droid RAZR M.  I haven't thought much about it in recent years since I've been mostly using an iPhone but I've been thinking about it every morning since iOS 10 came out.

iOS 10 Alarm Lock Screen

In previous posts I have mentioned that I have pretty bad eye sight without my glasses and on top of that, the years are making it even more difficult to focus up close.  The screenshot above is about what my alarm lock screen looks like to me in the morning.  That tiny white smear at the bottom is actually a button.  It's one of those new beautiful iOS buttons that look nothing like a button.  It just looks like text that says Stop until you learn that if you tap right on the text it actually stops the alarm. In order to turn off the alarm every morning I have to pinpoint that button while being very groggy and without my glasses on.  It normally takes me five or six taps if I'm lucky.  About twice a week I have to pick up my phone and aim with my other hand several times to turn off my alarm.

Since I compared the screens between iOS and Android previously, I thought I would check out Android N and see what they are up to.  Here is are the two screen shots next to each other.

iOS 10 - tap Stop
Android N - Swipe left to snooze, right to stop
Prior to iOS 10, iOS had a swipe option and Android had a tap to snooze and a tap to stop option. Three years later and Apple no longer has a swipe option and Android N is only swipe. Below is what my blurry morning vision would do to the Android alarm screen.

The Android N version is not as easy as the previous versions of iOS but definitely easier than the iOS 10 version.  Just pull that white dot in the middle of the screen to the right and it will turn off. It's not obvious when looking at the blurry screen but learnable.  iOS 10 also has to be learned but still has the problem of the impossibly small stop text button.  It's funny that the iOS screen has a big snooze button that looks like a button.  Apple really wants people to Snooze.

20 November, 2016

Michael Meeks: 2016-11-20 Sunday.

21:00 UTCmember

  • NCC; chatted to people; back for lunch with Hannah, Nick & Joni. Made Xmas decorations, chatted by the fire, Hannah took photos for a painting of quartet playing girls. Watched The Secret Life of Pets together - comic. Put babes to bed.


In a stream, you might be wondering why you have search hits looking for a basic string in message when the query string is built for you as you click the little magnifying glass “+” next to a record’s message field, yet none when you actually copy/paste the query or typing it out — and hence no alert triggering.

This is due to terms.

Our devoted folks at Graylog actually warn us about it: http://docs.graylog.org/en/2.1/pages/streams/alerts.html#alerts

Here is an example. I want to trigger an alert when value condition message:”has not been migrated”. The screenshot below shows the associated terms. In this particular example, I am getting values from a file via graylog-sidecar and nxlog from a Windows machine.


If I just create my stream alert with “Field content value condition”, with “message” contains “has not been migrated” (i.e. as in just typing it out or copy-pasting the text), it won’t work. But there is a trick. A bit ugly, but well, it works.

Given the screenshot above, build your query simply by clicking on the magnifying glass and search. There, you can (need to) actually adjust it. It will retain its “magic”. And it will match. Yet, nothing stands out in that query compared to when you type it out, right?

Now, let’s look at the Elasticsearch query to see how it was built. Click on Show query.


The query string is probably not the one you would have expected. This is because of terms. Each arrow points to a letter of what I am looking for: “h”, “a”, “s” and so on.

(the whole query doesn’t show obviously)

You need that odd-looking query into your alerting criteria instead of your “plain text” query. It will now trigger as expected.


Older blog entries ->